DoD

The Government Accountability Office (“GAO”) released a report on the Defense Contract Audit Agency’s (“DCAA”) past and future use of private-sector, independent public accountants to augment its auditor workforce. The initiative—approved under Section 803 of the Fiscal Year (“FY”) 2018 National Defense Authorization Act (“NDAA”)—began in fiscal year 2020 and was originally envisioned by Congress as a tool to reduce DCAA’s backlog of incurred cost audits. But, as GAO noted, DCAA had largely eliminated its audit backlog by the end of FY 2018, primarily through its reliance on risk-based sampling methodology, which reduced the number of audits DCAA was required to complete.Continue Reading GAO: DCAA Built a Valuable Bench of Independent Public Accountants, Now What?

This is the third blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in April 2025. 

NIST Publishes Initial Draft of Guidance for High Performance Computing Systems

U.S. National

Continue Reading April 2025 Cybersecurity Developments Under the Trump Administration

This is the second blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in March 2025. 

Trump Administration Executive Order on Achieving Efficiency

On March 19, 2025, the Trump

Continue Reading March 2025 Cybersecurity Developments Under the Trump Administration

On April 9, 2025, President Trump issued an Executive Order (“EO”), “Modernizing Defense Acquisitions and Spurring Innovation In the Defense Industrial Base,” that may have significant implications for federal government contractors doing business with the Department of Defense (“DoD”), and particularly those with touchpoints to Major Defense Acquisition Programs (“MDAPs”).Continue Reading Trump Administration Issues Executive Order Aimed At Modernizing Defense Acquisitions And Spurring Innovation

On April 1, the Office of Strategic Capital (OSC) announced that it received more than 200 applications, totaling over $8.9 billion in financing requests, across 38 states for the inaugural solicitation under OSC’s Domestic Manufacturing Loan Program.  As covered in a prior post, under the Notice of Funding Availability (NOFA) released last fall, OSC plans to loan up to $984 million to eligible companies to expand the U.S. industrial base, with individual loans ranging between $10 million to $150 million.  These OSC loans will support advanced manufacturing, cybersecurity, decision science, edge computing, mesh networks, microelectronics, solar, and quantum computing technologies, and eligible investments must have both a defense and a commercial application.   Continue Reading DoD’s Office of Strategic Capital Reports Significant Interest in Domestic Manufacturing Loan Program

This is the first in a new series of Covington blogs on cybersecurity policies, executive orders, and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in January and February 2025.  Below, we outline three developments affecting cybersecurity in January and February 2025, including one from the Biden Administration, which has not been rescinded.

Biden Administration Issues Second Cybersecurity Executive Order

On January 16, in one of the final acts of the Biden Administration, the White House issued Executive Order (”EO”) 14144 on “Strengthening and Promoting Innovation in the Nation’s Cybersecurity.”  EO 14144 expands on the National Cybersecurity Strategy and EO 14028, Improving the Nation’s Cybersecurity, which we first previously wrote about here.  This new EO requires a range of additional security enhancements to U.S. government and supporting digital infrastructure, including improving accountability for software and cloud service providers, strengthening the security of Federal communications and identity management systems, and promoting innovative developments and use of emerging technologies for cybersecurity across agencies and with the private sector. Continue Reading January and February 2025 Cybersecurity Developments Under the Biden and Trump Administrations

This is part of a series of Covington blogs on the implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken

Continue Reading November 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

On November 15, 2024, the Department of Defense (“DoD”) published a Notice of Proposed Rulemaking (“Proposed Rule”) entitled “Defense Federal Acquisition Regulation Supplement: Disclosure of Information Regarding Foreign Obligations.”  The Proposed Rule would impose new disclosure obligations on “Offeror[s]” (pre-award) and “Contractor[s]” (post-award) that are triggered in certain

Continue Reading Department of Defense Publishes Notice of Proposed Rulemaking on Disclosure of Computer and Source Code to Foreign Entities

This is part of a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by

Continue Reading October 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

On Tuesday, October 22, 2024, Pennsylvania State University (“Penn State”) reached a settlement with the Department of Justice (“DoJ”), agreeing to pay the US Government (“USG”) $1.25M for alleged cybersecurity compliance violations under the False Claims Act (“FCA”).  This settlement follows a qui tam action filed by a whistleblower and former employee of Penn State’s Applied Research Laboratory.  The settlement agreement provides some additional insight into the priorities of DoJ’s Civil Cyber Fraud Initiative (“CFI”) and the types of cybersecurity issues of interest to the Department.  It also highlights the extent to which DoJ is focusing on the full range of cybersecurity compliance obligations that exist in a company’s contract in enforcement actions.Continue Reading Penn State Agrees to Pay $1.25M in Settlement for Cybersecurity Non-Compliance False Claims Act Allegations